This entry will start a new section specifically focused on Question and Answers that often come up in the UAC in MSI dialogs. First up, should I write my installer as a Standard User install? If yes, how?

Should I write my installer as a Standard User Install?

It depends. The dependencies include

Whether the architecture of the application being installed will work from a Standard User installed location. There are places in the system that will always require admin rights to install to. If your application must go there, there's no use in going any further.

If you're going to have an application that needs administrator's permission to run, you don't want it in a per-user location. An application that is going to be elevated should install to a location that is not Standard User tamper-able. Were a program that ran elevated tamer-able by the user, a black hat could modify the binary in the per-user context and then elevate to compromise the entire machine.

When talking to customers, package producers (generally ISVs) have told me they don't want per-user for these reasons

Installing to locations the user has the ability to alter might reduce the confidence the package producer has for the integrity of the install. This can affect support costs as well as computational correctness under a regulatory environment (lawyers, accounts, food and drug companies, government agencies, etc)

Multiple instances of an install means there is duplicate copies of binaries on the machine which wastes disk space. A per-machine install creates a single copy of common binaries for all users thus saving space.

Software is less secure because updating behavior has to be done for each user on the machine. In other words, the occasional user on the machine can made the machine vulnerable because they are not on the machine often enough to keep the software they use up to date.

When talking to customers, package consumers (generally corporations) have told me they

Want programs in locations users can't tamper with. User tampering is a major source of support costs.

Centralized install, servicing, and uninstall from a central IT department are all more challenging when the apps are just in the users profile. There are numerous conditions where it is known not to work at all.

The one case Standard User makes the most sense is viral applications that are being distributed via the web. Even for these applications one has to ask the question: do you want to eventually grow-up to be distributed inside a corporation?

How do I build a Standard User package?

This takes a bit of work to make a package install only to the locations a Standard User has permission. Some of the requirements are

Files must be written only to folders that Standard User has access to. Assuming the ALLUSERS is always set to the per-user setting, you can use the redirectable folder properties but not ProgramFilesFolder as it does not redirect on per-user.